PatPHP
Posted July 30, 2008

Hi guys,

What do you do to prevent MS SQL injection? In MySQL it is easy with escape... but what's the solution for MS? I searched already in Google for a bit but didn't find anything useful.

thx

corbin
Posted July 30, 2008

Remember how the escape character for MySQL is \? E.g.:

    SELECT * FROM users WHERE username = 'Corbin\'s Name'

In MSSQL, the escape character is another single quote. E.g.:

    SELECT * FROM users WHERE username = 'Corbin''s Name'

So, it's quite simple to make your own function.

    // Double every single quote so it stays inside a T-SQL string literal.
    function mssql_escape($str) {
        return str_replace("'", "''", $str);
    }
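
Added example, not part of the original thread: it checks that a value passed through the posted `mssql_escape()` decodes back to the same string when read as a T-SQL literal, and shows the case quote doubling does not cover, a value placed in an unquoted numeric position. The `tsql_*` helper names and all sample inputs are assumptions made for this example.

```php
<?php
// mssql_escape() is the function from the post above; the tsql_* helpers are
// hypothetical names introduced for this example. Inputs are constructed.
function mssql_escape($str) {
    return str_replace("'", "''", $str);
}

// Build a complete T-SQL string literal, delimiters included.
function tsql_string_literal($value) {
    return "'" . mssql_escape((string) $value) . "'";
}

// Decode the single-quoted literal that starts at $pos the way T-SQL reads it.
// Returns [value, offset after the closing quote], or null if unterminated.
function tsql_read_literal($sql, $pos) {
    if (!isset($sql[$pos]) || $sql[$pos] !== "'") return null;
    $out = '';
    for ($i = $pos + 1, $len = strlen($sql); $i < $len; $i++) {
        if ($sql[$i] !== "'") { $out .= $sql[$i]; continue; }
        if ($i + 1 < $len && $sql[$i + 1] === "'") { $out .= "'"; $i++; continue; }
        return [$out, $i + 1];
    }
    return null;
}

// A numeric position has no quotes around it, so doubling quotes protects
// nothing there; accept only a real integer instead.
function tsql_int($value) {
    $n = filter_var($value, FILTER_VALIDATE_INT);
    if ($n === false) throw new InvalidArgumentException("not an integer: $value");
    return (string) $n;
}

$prefix = "SELECT * FROM users WHERE username = ";
foreach (["Corbin's Name", "''", "a'b''c'"] as $name) {
    $sql = $prefix . tsql_string_literal($name);
    list($decoded, $end) = tsql_read_literal($sql, strlen($prefix));
    // Safe only if the literal decodes to the input and ends with the statement.
    $ok = ($decoded === $name && $end === strlen($sql));
    echo ($ok ? "ok   " : "FAIL ") . $sql . "\n";
}

echo "SELECT * FROM users WHERE id = " . tsql_int("42") . "\n";
try {
    tsql_int("42abc");
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

Quote doubling covers only values placed inside a quoted literal. Prepared statements with bound parameters avoid building SQL text from input at all.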